DRAFT Joint Wireless Administrator Checklist
Version 1.1 22 December 2005
Daily Tasks
Physically locate rogue wireless devices within AOR
- Identify rogue devices with wireless discovery device
- Physically locate rogue devices
- Verify authorization for device or disable
- Document wireless device information for rogue devices located outside AOR
- Document and report wireless device information for rogue devices located within AOR through approved reporting channels
- Track visit request to coordinate/prevent wireless enabled devices from entering/leaving AOR

Review Wireless Access Point audit logs
- Identify and research system warning and error messages
- Identify and research failed access attempts
- Identify and research communication problems
- Track/monitor performance and activity

Review Wireless IDS audit logs
- Research generated alerts
- Identify and research system warning and error messages
- Identify and research failed access attempts
- Identify and research communication problems
- Track/monitor performance and activity

Review Wireless I/A device (i.e. RADIUS) audit logs
- Identify and research failed logon attempts
- Identify and research system warning and error messages
- Track/monitor performance and activity

Virus scan devices that are part of the wireless infrastructure
- Use approved virus scanner to scan wireless devices (where appropriate)
Weekly Tasks
Wireless device configuration management
- Check vendor sites for patch and firmware updates
- Update Wireless IDS signature files
- Update Anti-Virus signature files
- Monitor security news sources for wireless security related information
- Compare wireless network device configuration files against a baseline for changes
- Check for Unnecessary Services

Archive Audit logs
- Archive audit logs to a media/device with one-year retention

Monitor wireless device performance
- Verify wireless encryption/authentication devices (RADIUS, IPSEC service, etc) for proper performance and activity
- Run hardware integrity diagnostics on wireless network devices
- Synchronize clock/time on wireless devices

Perform/verify weekly backup
- Run and verify that a successful backup of wireless network devices has been completed
Monthly Tasks
Perform Self-Assessment Security and Policy Review
- Obtain latest copy of Wireless and Network STIGs and Checklists
- Use Wireless Checklist to perform Self-Assessment Security Review
- Use Network Checklist to perform Self-Assessment Security Review
- Ensure wireless infrastructure complies with site Wireless Policy
- Document deviations between Wireless Policy and STIG requirements with the current wireless infrastructure configuration
- Develop plan to implement remediation actions to mitigate deviations
- Implement corrective actions to mitigate deviations
- Run an approved Vulnerability scanner (SCCVI)

Wireless device configuration management
- Compare device configuration with documented secure baseline
- Verify physical location of wireless devices
- Verify physical integrity of wireless devices (have devices been modified or opened)
- Verify equipment has not been replaced or moved
- Verify antenna location, position, and direction

Verify wireless client security configuration
- Spot check the configuration on a sample of wireless client devices (25% of wireless devices)
- Identify wireless profiles that indicate wireless client is accessing unauthorized wireless networks
Quarterly Tasks
Wireless device configuration management
- Change administrator/management passwords on wireless network devices
- Change Pre-Shared Key (PSK) on all appropriate devices

Test backup/restore procedures
- Restore backup files to a test system to verify procedures and files are usable

Wireless signal strength mapping
- Use mobile device to identify/document signal coverage of wireless network devices
- Use mobile device to identify/document residential/commercial wireless devices that are visible during site surveys
Annual Tasks
Participate in STIG maintenance
- Provide enhancement comments on STIGs requirements to fso_spt@disa.mil
- Participate in STIG Technical Interchange Meetings (TIM)

Review and update site policies and training
- Ensure site Wireless Security Policy reflects current DOD Wireless Policy and STIG requirements
- Ensure site Acceptable Use Policy addresses current Wireless Security Policy
- Ensure personnel Annual Security Awareness Training addresses current site Wireless Security Policy
- Ensure site Certification and Accreditation documents reflect the current wireless infrastructure
- Ensure wireless users are informed about increased level of threat associated with wireless usage
- Ensure wireless users receive additional training related to wireless attack detection and prevention
Initial
Subscribe to STIG News
- Reference http://iase.disa.mil/request-mail.html

Subscribe to JTF-GNO Mailings
- Reference ftp://ftp.cert.mil/pub/misc/subscribe.htm
Tasks as Required
Wireless device configuration management
- Delete clients from the MAC address filtering list and access control list that no longer require wireless network access
- Install vendor security patches
- Update VMS for IAVMs
- Update wireless device firmware
- Schedule downtime for system/device reboots
- Change all default passwords on new equipment

Wireless user account management
- Maintain list of authorized wireless users
- Verify list of authorized wireless users still require wireless access
- Verify User Account Configuration
- Remove access from users that are no longer authorized for wireless access
- Ensure new wireless users have signed a site Wireless Usage Agreement

Authorized wireless device tracking
- Maintain list of authorized wireless devices (see STIG for list requirements)
- Remove devices that are no longer approved for wireless access

After administrator personnel departure
- Change encryption keys on all wireless network devices
- Change administrator passwords
- Change passwords on wireless network devices
- Remove departing administrator’s wireless access

INFOCON Status requirement changes
- Adjust wireless security review/configuration to reflect current INFOCON requirements

After system configuration changes
- Verify changes accomplish the desired objectives
- Create Emergency System Recovery Data
- Create new system configuration baseline
- Document System Configuration Changes
- Review and update SSAA
- Update VMS for Asset Changes
- Run and verify that a successful backup of the device has been performed
- Note the locations of wireless routers, APs, repeaters, dependent security devices, and antenna on installation maps and floor plans
- Use mobile device to identify/document signal coverage of wireless network devices (same process as Monthly Task)
After security incident involving wireless infrastructure
- Perform all tasks identified in this checklist

----------------------------------------------------------------
References
http://iase.disa.mil - Security Technical Implementation Guides (STIGs)

Point of Contact for Document: fso_spt@disa.mil
Document Location: http://iase.disa.mil
Incident Notification: Contact Site IAO
----------------------------------------------------------------